CVE-2014-5251

Severity

49%

Complexity

68%

Confidentiality

81%

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N).

Overview

First reported 10 years ago

2014-08-25 14:55:00

Last updated 10 years ago

2014-10-10 05:23:00

Affected Software

OpenStack Keystone 2014.1

2014.1

OpenStack Keystone 2014.1.2

2014.1.2

OpenStack Keystone Juno-1

juno-1

OpenStack Keystone Juno-2

juno-2

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

References

RHSA-2014:1121

RHSA-2014:1122

[oss-security] 20140815 [OSSA 2014-026] Multiple vulnerabilities in Keystone revocation events (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253)

USN-2324-1

https://bugs.launchpad.net/keystone/+bug/1347961

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.